iptables
The domain is in the .РФ zone
Let's Encrypt support
The site is not visible.....
I think iptables is not letting it through.
Please help me figure this out...
It doesn't open either (
Maybe some DNS needs to be added for .РФ?
Yandex DNS
Code:
[root@k ~]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since Вс 2018-07-15 17:13:52 MSK; 1h 5min ago
Process: 2361 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=1/FAILURE)
Process: 2468 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Main PID: 2468 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/iptables.service
июл 15 17:13:52 k.78city.ru systemd[1]: Starting IPv4 firewall with iptables...
июл 15 17:13:52 k.78city.ru iptables.init[2468]: iptables: Applying firewall rules: [ OK ]
июл 15 17:13:52 k.78city.ru systemd[1]: Started IPv4 firewall with iptables.
Code:
[root@k ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-VESTA tcp -- anywhere anywhere tcp dpt:us-srv
fail2ban-MAIL tcp -- anywhere anywhere multiport dports smtp,urd,submission,ms-v-worlds,pop3,pop3s,imap,imaps
fail2ban-FTP tcp -- anywhere anywhere tcp dpt:ftp
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- k.78city.ru anywhere
ACCEPT all -- k anywhere
ACCEPT all -- localhost anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere multiport dports http,https
ACCEPT tcp -- anywhere anywhere multiport dports ftp,entextxid:12100
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission,ms-v-worlds
ACCEPT tcp -- anywhere anywhere multiport dports pop3,pop3s
ACCEPT tcp -- anywhere anywhere multiport dports imap,imaps
ACCEPT tcp -- anywhere anywhere multiport dports mysql,postgres
ACCEPT tcp -- anywhere anywhere tcp dpt:us-srv
ACCEPT icmp -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_public (3 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain FWDI_public_allow (1 references)
target prot opt source destination
Chain FWDI_public_deny (1 references)
target prot opt source destination
Chain FWDI_public_log (1 references)
target prot opt source destination
Chain FWDO_public (3 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere
Chain FWDO_public_allow (1 references)
target prot opt source destination
Chain FWDO_public_deny (1 references)
target prot opt source destination
Chain FWDO_public_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (0 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (0 references)
target prot opt source destination
Chain INPUT_direct (0 references)
target prot opt source destination
Chain IN_public (3 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
Chain IN_public_deny (1 references)
target prot opt source destination
Chain IN_public_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
Chain fail2ban-FTP (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-MAIL (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-VESTA (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain vesta (0 references)
target prot opt source destination
Code:
[root@k ~]# service iptables stop
Redirecting to /bin/systemctl stop iptables.service
Last edited by Sergy F on Sun Jul 15, 2018 7:03 pm, edited 4 times in total.
Re: iptables
And if you stop iptables, does the site open?
Code:
service iptables stop
Re: iptables
iptables - you're looking in the wrong place.
Sergy F wrote: ↑Sun Jul 15, 2018 3:16 pm
The domain is in the .РФ zone
Let's Encrypt support
The site is not visible.....
I think iptables is not letting it through.
Please help me figure this out...
Try adding the domain in Punycode format, since your domain is Cyrillic. For example, вестацп.рф would look like this: xn--80adj5big3a.xn--p1ai. And if you are going to use mail on it, you will have no end of trouble.
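The Punycode conversion suggested in the reply above, as an added example that is not part of the original thread: it converts a Cyrillic domain to its ASCII `xn--` form and back with Python's standard library. The function names are hypothetical, and the built-in `idna` codec implements IDNA 2003, which is assumed to be sufficient for plain Cyrillic names.

```python
# Added example (not from the thread): IDN <-> Punycode ("xn--") conversion
# with Python's standard library. The built-in "idna" codec implements
# IDNA 2003; that it is sufficient is an assumption for plain Cyrillic names.

def to_ascii(domain: str) -> str:
    """Return the ASCII form of a domain name, converting label by label."""
    trailing_dot = domain.endswith(".")
    labels = domain.rstrip(".").split(".")
    encoded = []
    for label in labels:
        if not label:
            raise ValueError(f"empty label in {domain!r}")
        # Non-ASCII labels become xn--<punycode>; ASCII labels pass through.
        # The codec raises UnicodeError for labels longer than 63 octets.
        encoded.append(label.encode("idna").decode("ascii").lower())
    name = ".".join(encoded)
    if len(name) > 253:
        raise ValueError("domain name longer than 253 characters")
    return name + ("." if trailing_dot else "")


def to_unicode(domain: str) -> str:
    """Decode xn-- labels back to Unicode for display."""
    return ".".join(
        label.encode("ascii").decode("idna") for label in domain.split(".")
    )


def is_idn(domain: str) -> bool:
    """True if the name needs conversion before use in ASCII-only fields."""
    return not domain.isascii()


if __name__ == "__main__":
    # Sample names: the first is the one quoted in the reply, the rest are constructed.
    for name in ("вестацп.рф", "WWW.Вестацп.РФ", "example.com"):
        ascii_name = to_ascii(name)
        # Round trip confirms the ASCII form is stable.
        assert to_ascii(to_unicode(ascii_name)) == ascii_name
        print(f"{name} -> {ascii_name} (IDN: {is_idn(name)})")
```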